Yes I agree. Since we don't have a database in an agent, we can't do role-based authorization.
I think we need to have that database so we can provide that security for the webdav interface as well as with the xmlrpc. WDYT? On Wed, Jul 28, 2010 at 8:31 AM, Wendy Smoak <[email protected]> wrote: > On Mon, Jul 19, 2010 at 3:16 AM, Marica Tan <[email protected]> wrote: > > > I added a WebDAV interface to the continuum build agent for displaying > the > > working copies. > > > > There's no security yet for the meantime, same with the XMLRPC of build > > agent. > > As I understand it, the build agent will only reply to the master url > in its configuration. (That is, it will accept requests from anyone, > which is a problem, but it will only send the reply to that one url.) > > Correct me if I'm wrong, but a webdav interface is different -- if > it's unsecured, anyone who connects can get the information, in this > case, the source code and build output sitting in the working copy. > > Thanks, > Wendy >
